Apple Patches KRACK Vulnerability in iOS 11.1

Apple has patched the KRACK vulnerability in iOS and elsewhere in its product line, closing a key re-installation vulnerability in the WPA2 protocol implementation used by its software.

Apple has patched iOS, macOS and other products to protect against the KRACK vulnerability recently disclosed in the WPA2 Wi-Fi security protocol.

KRACK, short for key re-installation attack, allows an attacker within range of a victim’s Wi-Fi network to read encrypted traffic with varying degrees of difficulty.

Many vendors had patched KRACK in their respective products prior to the Oct. 16 public disclosure. Researcher Mathy Vanhoef of Belgium found the flaw, privately disclosed it to numerous organizations starting in July, and helped coordinate disclosure.

Apple had been among the holdouts in repairing its offerings until today; the update is part of iOS 11.1 and includes patches for 13 bugs in WebKit, and other fixes in the kernel, iMessages, and elsewhere. Apple also patched KRACK in macOS High Sierra, Sierra and El Capitan, all of which were updated today, as well as in tvOS and watchOS.

Given that KRACK is a protocol-level bug, it had many experts on edge in its early days. Since then, some of the anxiety has eased given the varying degrees of ease of exploit and conditions that must be in place for an attack to be successful.

Since KRACK cannot be exploited remotely and an attacker must be in range of the Wi-Fi network, this somewhat blunts the severity of the issue. Also, VPNs and TLS connections add layers of encryption to communication from home and business networks to the internet. Enterprises are likely most in the line of fire when it comes to the KRACK bug.

“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations,” Vanhoef wrote in an advisory published Oct. 16. “Therefore, any correct implementation of WPA2 is likely affected.”

The vulnerability surfaces in the four-way handshake carried out when clients join WPA2-protected networks. A pre-shared network password is exchanged during this handshake, authenticating the client and access point. It’s also where a fresh encryption key is negotiated that will be used to secure subsequent traffic.

It is at this step where the key reinstallation attack takes place; an attacker on the network is able to intercede and replay cryptographic handshake messages, bypassing a mandate where keys should be used only once. The weakness occurs when messages during the handshake are lost or dropped—a fairly common occurrence—and the access point retransmits the third part of the handshake (re-using a nonce), theoretically multiple times.

An attacker sniffing the traffic could replay it offline and piece together enough information to steal secrets.

“By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged,” Vanhoef said. “The same technique can also be used to attack the group key, PeerKey, TDLS, and fast BSS transition handshake.”

Discussion

This is what it says:
Quote:
Wi-Fi
Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
